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DETAILED ACTION 



Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on January 6, 2009 has been entered. 

2. Applicant's response filed on October 28, 2008 has been carefully considered. 
Claims 1 , 3-8, 1 0-1 5, 17-21, and 23-30, 32 are pending. 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was 
made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall 
not be negatived by the manner in which the invention was made. 

4. Claims 1, 3-8, 10-15, 17-21 and 23-30, 32 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Arrow et al. (U.S. Patent No. 6,175,917 B1), hereinafter "Arrow", in 
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view of Yamaguchi et al. (U.S. Pub. No. 2001/0042201 A1), hereinafter "Yamaguchi", and 
further in view of Rothermel et al. (U.S. Patent No. 6,678,827 B1), hereinafter "Rothermel". 

Referring to claim 1 : 

i. Arrow teaches: 

A network comprising: 

IP processing apparatuses, which use an IP (Internet Protocol) for 
encrypting and authenticating communications via the Internet between two different centers 
(see figure 1, elements 115, 125, 135, 145, 155; and column 6, line 61, through column 7, line 7, 
of Arrow); and 

an IP setting apparatus, which manages IP settings of the IP processing 
apparatuses (see figure 1, element 160 'VPN management station'; figure 13, elements 1314 
"define access control rules", 1316 "define address translation rules"; and column 15, line 69, 
through column 16, line 15, of Arrow); 

wherein in response to receiving a request from a first IP processing 
apparatus to communicate with a second IP processing apparatus, the second IP setting 
apparatus transmits a response (see column 7, lines 26-45, of Arrow). 

Arrow further discloses that the IP setting apparatus transmits a common 
encryption key to the first and second IP process apparatuses to be used to encrypt and 
authenticate IP communications between the first and second process apparatuses (see column 
11, lines 27-34, of Arrow). 

Arrow discloses IP protocol and IP packets (see column 6, lines 51-54 of 
Arrow). However, Arrow does not specifically mention the IPsec (Internet Protocol security 
protocol). Neither does Arrow Specifically mention that the VPN units make a request to the 
VPN management unit in order to communicate with other VPN units. 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi 
discloses using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph 
[0008] of Yamaguchi). 

On the other hand, Rothermel teaches managing multiple network security 
devices from a manager device, wherein Rothermel discloses that the VPN units makes a 
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request to the VPN management unit in order to communicate with other VPN units (see figure 
1, elements 120, 160 'supervisor/host device', element 110 'security policy manager device'; 
and column 5, line 52-60 'In some embodiments, the manager device and supervisor devices 
are external devices. Security for the communications between the manager device , supervisor 
devices [ i.e., VPN management units ], and NSDs [i.e., VPN units] can be provided in a variety of 
ways . For example, any of the information transmitted between the NSDs [i.e., VPN units] and 
the supervisor devices [i.e., VPN management units] and between the supervisor devices and 
the manager device can be protected from unauthorized access by encrypting the information 
(e.g., using Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode).', of 
Rothermel). 

iii. It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Yamaguchi into the method of Arrow to use 
IPsec. 

It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Rothermel into the method of Arrow to let 
the VPN units make a request to the VPN management unit in order to communicate with other 
VPN units. 

iv. The ordinary skilled person would have been motivated to have applied the 
teaching of Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches 
implementing VPN (Virtual Private Network) via IP (Internet Protocol), and Yamaguchi discloses 
using IPsec to implement VPN (see page 1, paragraph [0008] of Yamaguchi). Therefore, 
Yamaguchi's teaching would be a good match to Arrow's teaching. 

The ordinary skilled person would have been motivated to have applied the 
teaching of Rothermel into the system of Arrow to let the VPN units make a request to the VPN 
management unit in order to communicate with other VPN units, because Arrow teaches "If a 
packet is received from a remote client that is not currently 

authenticated, the system attempts to authenticate the remote client before forwarding traffic 
from that client. If authentication is successful, the system dynamically retrieves configuration 
information for the remote client from a database [i.e., VPN management unit] and further traffic 
from that client will be processed according to the retrieved configuration information." (see 
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column 8, lines 11-20, of Arrow, emphasis added). Rothermel teaches that the VPN units make 
a request to the VPN management unit in order to communicate with other VPN units (see (ii) 
above). Therefore, Rothermel's teaching could enhance Arrow's system. 
Referring to claims 3-4. 10-11.16. 23-24, 29 : 

Arrow, Yamaguchi, and Rothermel teach the claimed subject matter: a network. 
They further disclose transmitting messages between IPsec setting server apparatus and IPsec 
processing apparatus (see column 9, lines 19-22 of Arrow). 
Referring to claims 5, 12. 25 : 

Arrow, Yamaguchi, and Rothermel teach the claimed subject matter: a network. 
They further disclose generating SA (Security Association) parameters (see figure 13, element 
1310 'define VPN parameters'; and column 15, lines 52-54 of Arrow). 
Referring to claims 6. 13. 26 : 

Arrow, Yamaguchi, and Rothermel teach the claimed subject matter: a network. 
They further disclose send a message including the policies and the SA parameters (see figure 
13, elements 1310, 1314, 1316; and column 9, lines 19-22 of Arrow). 
Referring to claims 7, 14, 19, 27 : 

Arrow, Yamaguchi, and Rothermel teach the claimed subject matter: a network. 
They further disclose the keys for encryption and authentication (see column 11, lines 32-34 of 
Arrow). 

Referring to claim 8 : 

i. Arrow teaches: 

An IP setting apparatus managing IP setting of IP processing apparatuses, 
which use an IP (Internet Protocol) for securing communication via the Internet between two 
different centers (see figure 1, element 160; figure 13, elements 1314 "define access control 
rules", 1316 "define address translation rules"; and column 15, line 69, through column 16, line 

1 5, of Arrow), 

wherein said IP setting apparatus manages IP policies applied among IP 
processing apparatus(see figure 1, element 160; figure 13, elements 1314 "define access 
control rules", 1316 "define address translation rules"; and column 15, line 69, through column 

16, line 15 of Arrow), and 



Application/Control Number: 10/655,372 
Art Unit: 2435 



Page 6 



wherein said IP setting apparatus includes means for specifying specifies 
the IP policies of said IP to be applied between a first IP processing apparatus and the 
second IP processing apparatus (see figure 1 1 , element 1 1 02 ' receive request to configure 
VPN unit'; figure 13, elements 1310 'define VPN parameters', 1314 'define access control rules '. 
1316 'define address translation rules ': and column 15, line 52-column 16, line 15, of Arrow, 
emphasis added). 

Arrow discloses IP protocol and IP packets (see column 6, lines 51-54 of 
Arrow). However, Arrow does not specifically mention the IPsec (Internet Protocol security 
protocol). Neither does Arrow Specifically mention that the VPN units make a request to the 
VPN management unit in order to communicate with other VPN units. 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi 
discloses using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph 
[0008] of Yamaguchi). 

On the other hand, Rothermel teaches managing multiple network security 
devices from a manager device, wherein Rothermel discloses that the VPN units makes a 
request to the VPN management unit in order to communicate with other VPN units (see figure 
1, elements 120, 160 'supervisor/host device', element 110 'security policy manager device'; 
and column 5, line 52-60 'In some embodiments, the manager device and supervisor devices 
are external devices. Security for the communications between the manager device , supervisor 
devices [ i.e., VPN management units ], and NSDs [i.e., VPN units] can be provided in a variety of 
ways . For example, any of the information transmitted between the NSDs and the supervisor 
devices and between the supervisor devices and the manager device can be protected from 
unauthorized access by encrypting the information (e.g., using Data Encryption Standard (DES) 
in Cipher Block Chaining (CBC) mode).', of Rothermel). 

iii. It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Yamaguchi into the method of Arrow to use 
IPsec. 

It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Rothermel into the method of Arrow to let 
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the VPN units make a request to the VPN management unit in order to communicate with other 
VPN units. 

iv. The ordinary skilled person would have been motivated to have applied the 
teaching of Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches 
implementing VPN (Virtual Private Network) via IP (Internet Protocol), and Yamaguchi discloses 
using IPsec to implement VPN (see page 1, paragraph [0008] of Yamaguchi). Therefore, 
Yamaguchi's teaching would be a good match to Arrow's teaching. 

The ordinary skilled person would have been motivated to have applied the 
teaching of Rothermel into the system of Arrow to let the VPN units make a request to the VPN 
management unit in order to communicate with other VPN units, because Arrow teaches "If a 
packet is received from a remote client that is not currently 

authenticated, the system attempts to authenticate the remote client before forwarding traffic 
from that client. If authentication is successful, the system dynamically retrieves configuration 
information for the remote client from a database [i.e., VPN management unit] and further traffic 
from that client will be processed according to the retrieved configuration information." (see 
column 8, lines 11-20, of Arrow, emphasis added). Rothermel teaches that the VPN units make 
a request to the VPN management unit in order to communicate with other VPN units (see ii 
above). Therefore, Rothermel's teaching could enhance Arrow's system. 
Referring to claim 15 : 

i. Arrow teaches: 

An IP processing apparatus using an IP (Internet Protocol) on the Internet, 
wherein said IP processing apparatus receives from an IP setting 
apparatus managing communication a packet containing the IP to be applied to communication 
with another IP processing apparatus, determines whether or not to request from the IP setting 
apparatus a setting for IP communication (see column 4, lines 38-40; column 11, lines 27-30 of 
Arrow), and 

wherein the IP processing apparatus transmits a request to the IP setting 
apparatus in order to receive from the IP setting apparatus a setting for IP communication (see 
figure 1 1 , element 1 1 02 ' receive request to configure VPN unit'; figure 1 3, elements 1 31 0 'define 
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VPN parameters', 1314 'define access control rules ', 1316 'define address translation rules ': and 
column 15, line 52-column 16, line 15, of Arrow, emphasis added). 

Arrow discloses IP protocol and IP packets (see column 6, lines 51-54 of 
Arrow). However, Arrow does not specifically mention the IPsec (Internet Protocol security 
protocol). Neither does Arrow Specifically mention that the VPN units make a request to the 
VPN management unit in order to communicate with other VPN units. 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi 
discloses using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph 
[0008] of Yamaguchi). 

On the other hand, Rothermel teaches managing multiple network security 
devices from a manager device, wherein Rothermel discloses that the VPN units makes a 
request to the VPN management unit in order to communicate with other VPN units (see figure 
1, elements 120, 160 'supervisor/host device', element 110 'security policy manager device'; 
and column 5, line 52-60 'In some embodiments, the manager device and supervisor devices 
are external devices. Security for the communications between the manager device , supervisor 
devices [ i.e.. VPN management units ], and NSDs fi.e.. VPN units] can be provided in a variety of 
ways . For example, any of the information transmitted between the NSDs and the supervisor 
devices and between the supervisor devices and the manager device can be protected from 
unauthorized access by encrypting the information (e.g., using Data Encryption Standard (DES) 
in Cipher Block Chaining (CBC) mode).', of Rothermel). 

iii. It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Yamaguchi into the method of Arrow to use 
IPsec. 

It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Rothermel into the method of Arrow to let 
the VPN units make a request to the VPN management unit in order to communicate with other 
VPN units. 

iv. The ordinary skilled person would have been motivated to have applied the 
teaching of Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches 
implementing VPN (Virtual Private Network) via IP (Internet Protocol), and Yamaguchi discloses 
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using IPsec to implement VPN (see page 1, paragraph [0008] of Yamaguchi). Therefore, 
Yamaguchi's teaching would be a good match to Arrow's teaching. 

The ordinary skilled person would have been motivated to have applied the 
teaching of Rothermel into the system of Arrow to let the VPN units make a request to the VPN 
management unit in order to communicate with other VPN units, because Arrow teaches "If a 
packet is received from a remote client that is not currently 

authenticated, the system attempts to authenticate the remote client before forwarding traffic 
from that client. If authentication is successful, the system dynamically retrieves configuration 
information for the remote client from a database [i.e., VPN management unit] and further traffic 
from that client will be processed according to the retrieved configuration information." (see 
column 8, lines 11-20, of Arrow, emphasis added). Rothermel teaches that the VPN units make 
a request to the VPN management unit in order to communicate with other VPN units (see ii 
above). Therefore, Rothermel's teaching could enhance Arrow's system. 
Referring to claims 18. 30 : 

Arrow, Yamaguchi, and Rothermel teach the claimed subject matter: an IPsec 
processing apparatus. They further disclose the SPD, SAD (see e.g. figure 10, elements 1010, 
1005 of Yamaguchi). 

Referring to claims 20, 32 : 

Arrow, Yamaguchi, and Rothermel teach the claimed subject matter: an IPsec 
processing apparatus. They further disclose acquiring new setting information (see column 10, 
lines 41-51 of Arrow). 

Referring to claim 21 : 

i. Arrow teaches: 

An IPsec setting method comprising: 

receiving from IP processing apparatus a request (see column 14, lines 33- 

44, of Arrow), 

retrieving IP policy rules from memory and generating IP settings 
parameters based on the content of the request from the IP processing apparatus and the 
retrieved policy rules (see column 14, lines 33-44, of Arrow); and 
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transmitting the generated IP settings to the IP processing apparatus (see 
column 14, lines 33-44, of Arrow). 

Arrow discloses IP protocol and IP packets (see column 6, lines 51-54 of 
Arrow). However, Arrow does not specifically mention the IPsec (Internet Protocol security 
protocol). Neither does Arrow Specifically mention that the VPN units make a request to the 
VPN management unit in order to communicate with other VPN units. 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi 
discloses using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph 
[0008] of Yamaguchi). 

On the other hand, Rothermel teaches managing multiple network security 
devices from a manager device, wherein Rothermel discloses that the VPN units makes a 
request to the VPN management unit in order to communicate with other VPN units (see figure 
1, elements 120, 160 'supervisor/host device', element 110 'security policy manager device'; 
and column 5, line 52-60 'In some embodiments, the manager device and supervisor devices 
are external devices. Security for the communications between the manager device , supervisor 
devices [ i.e.. VPN management units ], and NSDs fi.e.. VPN units] can be provided in a variety of 
ways . For example, any of the information transmitted between the NSDs and the supervisor 
devices and between the supervisor devices and the manager device can be protected from 
unauthorized access by encrypting the information (e.g., using Data Encryption Standard (DES) 
in Cipher Block Chaining (CBC) mode).', of Rothermel). 

iii. It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Yamaguchi into the method of Arrow to use 
IPsec. 

It would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine the teaching of Rothermel into the method of Arrow to let 
the VPN units make a request to the VPN management unit in order to communicate with other 
VPN units. 

iv. The ordinary skilled person would have been motivated to have applied the 
teaching of Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches 
implementing VPN (Virtual Private Network) via IP (Internet Protocol), and Yamaguchi discloses 
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using IPsec to implement VPN (see page 1, paragraph [0008] of Yamaguchi). Therefore, 
Yamaguchi's teaching would be a good match to Arrow's teaching. 

The ordinary skilled person would have been motivated to have applied the 
teaching of Rothermel into the system of Arrow to let the VPN units make a request to the VPN 
management unit in order to communicate with other VPN units, because Arrow teaches "If a 
packet is received from a remote client that is not currently 

authenticated, the system attempts to authenticate the remote client before forwarding traffic 
from that client. If authentication is successful, the system dynamically retrieves configuration 
information for the remote client from a database [i.e., VPN management unit] and further traffic 
from that client will be processed according to the retrieved configuration information." (see 
column 8, lines 11-20, of Arrow, emphasis added). Rothermel teaches that the VPN units make 
a request to the VPN management unit in order to communicate with other VPN units (see ii 
above). Therefore, Rothermel's teaching could enhance Arrow's system. 
Referring to claim 28 : 

Arrow, Yamaguchi, and Rothermel teach the claimed subject matter: a network. 
They further disclose the inquiry means (see page 4, paragraph [0045], lines 1 -5 of Yamaguchi). 

Response to Arguments 

5. Applicant's arguments, filed on October 28, 2008, have been fully considered 
and are persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of Rothermel. 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Joseph Pan whose telephone number is 571-272-5987. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone numbers for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 571-272-2100. 



Joseph Pan 
February 25, 2009 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



